From: Yonghong Song <yhs@fb.com>
To: Dan Carpenter <dan.carpenter@oracle.com>,
Steven Rostedt <rostedt@goodmis.org>,
Jiri Olsa <jolsa@kernel.org>
Cc: Ingo Molnar <mingo@redhat.com>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Andrii Nakryiko <andrii@kernel.org>,
Martin KaFai Lau <kafai@fb.com>, Song Liu <songliubraving@fb.com>,
John Fastabend <john.fastabend@gmail.com>,
KP Singh <kpsingh@kernel.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
bpf@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [PATCH] bpf: Use safer kvmalloc_array() where possible
Date: Thu, 26 May 2022 08:31:10 -0700 [thread overview]
Message-ID: <67e7906e-3f93-a979-f534-bfe7199f843f@fb.com> (raw)
In-Reply-To: <Yo9VRVMeHbALyjUH@kili>
On 5/26/22 3:24 AM, Dan Carpenter wrote:
> The kvmalloc_array() function is safer because it has a check for
> integer overflows. These sizes come from the user and I was not
> able to see any bounds checking so an integer overflow seems like a
> realistic concern.
>
> Fixes: 0dcac2725406 ("bpf: Add multi kprobe link")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> ---
> kernel/trace/bpf_trace.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/kernel/trace/bpf_trace.c b/kernel/trace/bpf_trace.c
> index 10b157a6d73e..7a13e6ac6327 100644
> --- a/kernel/trace/bpf_trace.c
> +++ b/kernel/trace/bpf_trace.c
> @@ -2263,11 +2263,11 @@ static int copy_user_syms(struct user_syms *us, unsigned long __user *usyms, u32
> int err = -ENOMEM;
> unsigned int i;
>
> - syms = kvmalloc(cnt * sizeof(*syms), GFP_KERNEL);
> + syms = kvmalloc_array(cnt, sizeof(*syms), GFP_KERNEL);
> if (!syms)
> goto error;
>
> - buf = kvmalloc(cnt * KSYM_NAME_LEN, GFP_KERNEL);
> + buf = kvmalloc_array(cnt, KSYM_NAME_LEN, GFP_KERNEL);
> if (!buf)
> goto error;
>
> @@ -2464,7 +2464,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
For this part of change, there is a similar pending patch here:
https://lore.kernel.org/bpf/399e634781822329e856103cddba975f58f0498c.1652982525.git.esyr@redhat.com/
which waits for further review. That patch tries to detect the overflow
explicitly to avoid possible kernel dmesg warnings. (See function
kvmalloc_node()).
> return -EINVAL;
>
> size = cnt * sizeof(*addrs);
> - addrs = kvmalloc(size, GFP_KERNEL);
> + addrs = kvmalloc_array(cnt, sizeof(*addrs), GFP_KERNEL);
> if (!addrs)
> return -ENOMEM;
>
> @@ -2489,7 +2489,7 @@ int bpf_kprobe_multi_link_attach(const union bpf_attr *attr, struct bpf_prog *pr
>
> ucookies = u64_to_user_ptr(attr->link_create.kprobe_multi.cookies);
> if (ucookies) {
> - cookies = kvmalloc(size, GFP_KERNEL);
> + cookies = kvmalloc_array(cnt, sizeof(*addrs), GFP_KERNEL);
> if (!cookies) {
> err = -ENOMEM;
> goto error;
next prev parent reply other threads:[~2022-05-26 15:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-05-26 10:24 [PATCH] bpf: Use safer kvmalloc_array() where possible Dan Carpenter
2022-05-26 15:31 ` Yonghong Song [this message]
2022-05-26 18:52 ` Dan Carpenter
2022-05-26 15:33 ` Jiri Olsa
2022-06-01 17:40 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=67e7906e-3f93-a979-f534-bfe7199f843f@fb.com \
--to=yhs@fb.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=dan.carpenter@oracle.com \
--cc=daniel@iogearbox.net \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=kafai@fb.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=rostedt@goodmis.org \
--cc=songliubraving@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox